شرکت مایکروسافت در روز سهشنبه ۱۲ ماه جولای، اصلاحیههای امنیتی ماهانه خود را منتشر کرد. در این بهروزرسانی ۱ آسیبپذیری روز صفر و در مجموع ۸۴ نقص امنیتی وصله شد.
جزئیات آسیب پذیریهای ماه جولای
از ۸۴ آسیبپذیری وصله شده، ۴ مورد با درجه اهمیت «حیاتی» و از نوع اجرای کد از راه دور هستند. تعداد هر یک از این آسیبپذیریها به تفکیک بر اساس فهرست زیر میباشد:
- 52 نمونه آسیبپذیری افزایش سطح دسترسی
- 4 نمونه آسیبپذیری عبور از راهکارهای امنیتی
- 12 نمونه آسیبپذیری اجرای کد از راه دور
- 11 نمونه آسیبپذیری افشای اطلاعات
- 5 نمونه آسیبپذیری منع سرویس
برای کسب اطلاعات بیشتر و دریافت و نصب وصلههای امنیتی ارائه شده ماه جولای، به سایت مایکروسافت مراجعه کنید.
آسیبپذیری روز صفر
مایکروسافت آسیبپذیری روز صفر در Client/Server Runtime Subsystem (CSRSS) و با عنوان CVE-2022-22047 را که مورد بهرهبرداری قرار گرفته، در بهروزرسانیهای جولای ۲۰۲۲ وصله کرده است.
گفتنی است، این آسیبپذیری توسط مرکز اطلاعات تهدیدات مایکروسافت (MSTIC) و مرکز پاسخگویی امنیتی مایکروسافت (MSRC) کشف شده است.
توصیه میشود که هرچه سریعتر وصلههای امنیتی منتشر شده را دانلود و نصب نمایید.
در جدول زیر میتوانید اطلاعات مرتبط با آسیبپذیریهای ارائه شده را مشاهده کنید:
| عنوان | شناسه آسیبپذیری (CVE ID) | عنوان آسیبپذیری ( CVE title) | شدت |
|---|---|---|---|
| AMD CPU Branch | CVE-2022-23825 | AMD: CVE-2022-23825 AMD CPU Branch Type Confusion | Important |
| AMD CPU Branch | CVE-2022-23816 | AMD: CVE-2022-23816 AMD CPU Branch Type Confusion | Important |
| Azure Site Recovery | CVE-2022-33665 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33666 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33663 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33664 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33667 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33672 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33673 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33671 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33668 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33661 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33662 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33657 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33656 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33658 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33660 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33659 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33655 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33651 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33650 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33652 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33654 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33653 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33669 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33643 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-30181 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33676 | Azure Site Recovery Remote Code Execution Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33677 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33678 | Azure Site Recovery Remote Code Execution Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33642 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33674 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33675 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-33641 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Storage Library | CVE-2022-30187 | Azure Storage Library Information Disclosure Vulnerability | Important |
| Microsoft Defender for Endpoint | CVE-2022-33637 | Microsoft Defender for Endpoint Tampering Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-2295 | Chromium: CVE-2022-2295 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2294 | Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC | Unknown |
| Microsoft Graphics Component | CVE-2022-22034 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-30213 | Windows GDI+ Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-30221 | Windows Graphics Component Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2022-33632 | Microsoft Office Security Feature Bypass Vulnerability | Important |
| Open Source Software | CVE-2022-27776 | HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data | Important |
| Role: DNS Server | CVE-2022-30214 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: Windows Fax Service | CVE-2022-22024 | Windows Fax Service Remote Code Execution Vulnerability | Important |
| Role: Windows Fax Service | CVE-2022-22027 | Windows Fax Service Remote Code Execution Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-30223 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-22042 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| Skype for Business and Microsoft Lync | CVE-2022-33633 | Skype for Business and Lync Remote Code Execution Vulnerability | Important |
| Windows Active Directory | CVE-2022-30215 | Active Directory Federation Services Elevation of Privilege Vulnerability | Important |
| Windows Advanced Local Procedure Call | CVE-2022-30202 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability | Important |
| Windows Advanced Local Procedure Call | CVE-2022-30224 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability | Important |
| Windows Advanced Local Procedure Call | CVE-2022-22037 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability | Important |
| Windows BitLocker | CVE-2022-22711 | Windows BitLocker Information Disclosure Vulnerability | Important |
| Windows BitLocker | CVE-2022-22048 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows Boot Manager | CVE-2022-30203 | Windows Boot Manager Security Feature Bypass Vulnerability | Important |
| Windows Client/Server Runtime Subsystem | CVE-2022-22026 | Windows CSRSS Elevation of Privilege Vulnerability | Important |
| Windows Client/Server Runtime Subsystem | CVE-2022-22049 | Windows CSRSS Elevation of Privilege Vulnerability | Important |
| Windows Client/Server Runtime Subsystem | CVE-2022-22047 | Windows CSRSS Elevation of Privilege Vulnerability | Important |
| Windows Connected Devices Platform Service | CVE-2022-30212 | Windows Connected Devices Platform Service Information Disclosure Vulnerability | Important |
| Windows Credential Guard | CVE-2022-22031 | Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability | Important |
| Windows Fast FAT Driver | CVE-2022-22043 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Fax and Scan Service | CVE-2022-22050 | Windows Fax Service Elevation of Privilege Vulnerability | Important |
| Windows Group Policy | CVE-2022-30205 | Windows Group Policy Elevation of Privilege Vulnerability | Important |
| Windows IIS | CVE-2022-30209 | Windows IIS Server Elevation of Privilege Vulnerability | Important |
| Windows IIS | CVE-2022-22025 | Windows Internet Information Services Cachuri Module Denial of Service Vulnerability | Important |
| Windows IIS | CVE-2022-22040 | Internet Information Services Dynamic Compression Module Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2022-21845 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Media | CVE-2022-22045 | Windows.Devices.Picker.dll Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2022-30225 | Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability | Important |
| Windows Network File System | CVE-2022-22029 | Windows Network File System Remote Code Execution Vulnerability | Critical |
| Windows Network File System | CVE-2022-22028 | Windows Network File System Information Disclosure Vulnerability | Important |
| Windows Network File System | CVE-2022-22039 | Windows Network File System Remote Code Execution Vulnerability | Critical |
| Windows Performance Counters | CVE-2022-22036 | Performance Counters for Windows Elevation of Privilege Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-30211 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Important |
| Windows Portable Device Enumerator Service | CVE-2022-22023 | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | Important |
| Windows Print Spooler Components | CVE-2022-30206 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2022-30226 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2022-22022 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2022-22041 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2022-22038 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Security Account Manager | CVE-2022-30208 | Windows Security Account Manager (SAM) Denial of Service Vulnerability | Important |
| Windows Server Service | CVE-2022-30216 | Windows Server Service Tampering Vulnerability | Important |
| Windows Shell | CVE-2022-30222 | Windows Shell Remote Code Execution Vulnerability | Important |
| Windows Storage | CVE-2022-30220 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| XBox | CVE-2022-33644 | Xbox Live Save Service Elevation of Privilege Vulnerability | Important |
